Academic Commons Search Results
http://academiccommons.columbia.edu/catalog.rss?f%5Bauthor_facet%5D%5B%5D=Voris%2C+Jonathan+A.&f%5Bgenre_facet%5D%5B%5D=Articles&q=&rows=500&sort=record_creation_date+desc
en-us

Fox in the Trap: Thwarting Masqueraders via Automated Decoy Document Deployment
http://academiccommons.columbia.edu/catalog/ac:187154
Voris, Jonathan A.; Jermyn, Jill Louise; Boggs, Nathaniel Gordon; Stolfo, Salvatore
http://dx.doi.org/10.7916/D82V2F9F
Tue, 14 Jul 2015 00:00:00 +0000
Organizations face a persistent challenge detecting malicious insiders as well as outside attackers who compromise legitimate credentials and then masquerade as insiders. No matter how good an organization’s perimeter defenses are, eventually they will be compromised or betrayed from the inside. Monitored decoy documents (honey files with enticing names and content) are a promising approach to aid in the detection of malicious masqueraders and insiders. In this paper, we present a new technique for decoy document distribution that can be used to improve the scalability of insider detection. We develop a placement application that automates the deployment of decoy documents and we report on two user studies to evaluate its effectiveness. The first study indicates that our automated decoy distribution tool is capable of strategically placing decoy files in a way that offers comparable security to optimal manual deployment. In the second user study, we measure the frequency that normal users access decoy documents on their own systems and show that decoy files do not significantly interfere with normal user tasks.
Computer science
jv2428, jj2600, ngb2113, sjs11
Computer Science
Articles

Lost in Translation: Improving Decoy Documents via Automated Translation
http://academiccommons.columbia.edu/catalog/ac:153256
Voris, Jonathan A.; Boggs, Nathaniel Gordon; Stolfo, Salvatore
http://hdl.handle.net/10022/AC:P:14892
Thu, 11 Oct 2012 00:00:00 +0000
Detecting insider attacks continues to prove to be one of the most difficult challenges in securing sensitive data. Decoy information and documents represent a promising approach to detecting malicious masqueraders, however, false positives can interfere with legitimate work and take up user time. We propose generating foreign language decoy documents that are sprinkled with untranslatable enticing proper nouns such as company names, hot topics, or apparent login information. Our goal is for this type of decoy to serve three main purposes. First, using a language that is not used in normal business practice gives real users a clear signal that the document is fake, so they waste less time examining it. Second, an attacker, if enticed, will need to exfiltrate the document's contents in order to translate it, providing a cleaner signal of malicious activity. Third, we consume significant adversarial resources as they must still read the document and decide if it contains valuable information, which is made more difficult as it will be somewhat scrambled through translation. In this paper, we expand upon the rationale behind using foreign language decoys. We present a preliminary evaluation which shows how they significantly increase the cost to attackers in terms of the amount of time that it takes to determine if a document is real and potentially contains valuable information or is entirely bogus, confounding their goal of exfiltrating important sensitive information.
Computer science
jv2428, ngb2113, sjs11
Computer Science
Articles